| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
**Prevention of running 2 simultaneous updates**
Instead of using `RemoteMirror#update_status` and raise an error if
it's already running to prevent the same mirror being updated at the
same time we now use `Gitlab::ExclusiveLease` for that.
When we fail to obtain a lease in 3 tries, 30 seconds apart, we bail
and reschedule. We'll reschedule faster for the protected branches.
If the mirror already ran since it was scheduled, the job will be
skipped.
**Error handling: Remote side**
When an update fails because of a `Gitlab::Git::CommandError`, we
won't track this error in sentry, this could be on the remote side:
for example when branches have diverged.
In this case, we'll try 3 times scheduled 1 or 5 minutes apart.
In between, the mirror is marked as "to_retry", the error would be
visible to the user when they visit the settings page.
After 3 tries we'll mark the mirror as failed and notify the user.
We won't track this error in sentry, as it's not likely we can help
it.
The next event that would trigger a new refresh.
**Error handling: our side**
If an unexpected error occurs, we mark the mirror as failed, but we'd
still retry the job based on the regular sidekiq retries with
backoff. Same as we used to
The error would be reported in sentry, since its likely we need to do
something about it.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We call `Project#mark_stuck_remote_mirrors_as_failed!` from the
`Git::BaseHooksService`. So that gets called every time we push tags
or branches.
Before this would only mark started mirrors as failed if they had
been started 24 hours ago. A push would never take 24 hours,
especially not when we run it so often.
Lowering that threshold 1 hour should at least allow us to retry
broken mirrors more often on pushes.
The timeout for the initial push is set somewhat longer to accommodate
for pushing large repos. Both numbers are currently picked arbitrarily.
|
| |
|
|
|
| |
Show disabled mirrors with a badge so that they
can be deleted by project owners.
|
| |
|
|
| |
Prepares us for upgrade to Rails 5.2
|
| |
|
|
| |
Model.new.attributes now also returns encrypted attributes.
|
| |
|
|
|
|
|
| |
Renamed UrlValidator to AddressableUrlValidator to avoid 'url:' naming collision with ActiveModel::Validations::UrlValidator in 'validates' statement.
Make use of the options attribute of the parent class ActiveModel::EachValidator.
Add more options: allow_nil, allow_blank, message.
Renamed 'protocols' option to 'schemes' to match the option naming from UrlValidator.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Retries in Sidekiq and in the remote mirror scheduler can cause repeated
attempts in quick succession if the sync fails. Each failure will then
send an e-mail to all project maintainers, which can spam users
unnecessarily.
Modify the logic to send one notification the first time the mirror
fails by setting `error_notification_sent` to `true` and reset the
flag after a successful sync.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56222
|
| |\
| |
| |
| |
| | |
[master] SSRF - Scan Internal Ports and GCP/AWS endpoints
See merge request gitlab/gitlabhq!2689
|
| | |
| |
| |
| | |
mirror urls
|
| |/
|
|
|
|
| |
The email is sent to project maintainers containing the last mirror
update error. This will allow maintainers to set alarms and react
accordingly.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
From https://gitlab.com/gitlab-org/gitlab-ce/issues/53515, we see the
backend appears to have inconsistent default values for this column:
* DB schema: false by default
* UI checkbox: false by default
* `RemoteMirror` model: true by default
This leads to unintended behavior where the boolean is activated if the
UI doesn't pass in a value for the checkbox.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remote mirrors only get created when the URL changes, However, during the GCP
migration, the remote mirror did not get created automatically. Plus, there's
no guarantee someone restoring a repository from backup would have this
remote. We now add the remote each time we attempt to fetch from the
repository.
This works because Gitaly doesn't throw up an exception or error if the
remote already exists:
https://gitlab.com/gitlab-org/gitaly/issues/1317
In the future, we should attempt to add if the remote doesn't exist:
https://gitlab.com/gitlab-org/gitaly/issues/1316
Closes #50562
|
| |\
| |
| |
| |
| | |
Enable frozen string in app/models/*.rb
See merge request gitlab-org/gitlab-ce!20851
|
| | |
| |
| |
| | |
Partially addresses #47424.
|
| |\ \
| |/
|/|
| |
| | |
[master] Don't expose project names in various counters
See merge request gitlab/gitlabhq!2418
|
| | |
| |
| |
| |
| |
| |
| | |
Various counters would expose either project names, or full project
paths (e.g. "gitlab-org/gitlab-ce"). This commit changes various places
where we use "add_event" so we no longer expose (potentially) private
information.
|
| |/ |
|
| | |
|
| |\
| |
| |
| |
| | |
Upgrade to Ruby 2.4.4
See merge request gitlab-org/gitlab-ce!19055
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes that make this work:
* A change in Ruby (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1)
requires passing in the exact required length for OpenSSL keys and IVs.
* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.
|
| |/
|
|
| |
because of SSRF
|
| |
|
|
| |
and remove reference to pull mirrors in view
|
| | |
|
| |
|
